Avahi by Default on the Desktop

Summary

Fedora should work out of the box discovering MDNS shared printers and other MDNS devices. The system should not publish any private information via MDNS by default, but MDNS should be available for device discovery by default for the Desktop install of Fedora.

In principle this is similar to how DNS lookups are enabled out of the box, and are taken for granted.

Detailed Description

The user is at home or in a print shop (like Kinkos) and wants to print to a printer for the first time.

Opens "Printers" in System Settings to add a new printer.

The printer is advertised using MDNS and user sees it displayed, clicks on it to install.

Currently this does not work in Fedora. Avahi is blocked by our firewall by default. Obviously many printers don't use MDNS. This is about MDNS and our implementation: Avahi.

Note that a firewall is orthogonal to this use case. We want printers to be discoverable from the "Printers" control panel on any network, even on possibly otherwise "hostile" networks. The user should not have to type their root or login password at a PolicyKit prompt to see MDNS devices on the network. Neither should they have to disable their firewall or otherwise diddle it.

Unknown security bugs are accounted for by use of SELinux with the avahi daemon. Known privacy issues in avahi have been fixed.

No private information should ever be published by Fedora by default, whether via MDNS or any other mechanism. We have patched various applications to make sure this does not occur. The user should always be the one who turns on any publishing of information.

Please note that the system's hostname is not considered private information. This information is broadcast on the network by DHCP and other components.
By connecting to a network using DHCP the expectation is that the user publishes their host name. This is the case for pretty much all mainstream OS's in their default configuration, including current releases of RHEL and Fedora.

GNOME is working on user interfaces for privacy and sharing, but that is not a part of this feature.

This is not about UPnP or other methods of device discovery. Future evaluation of these other methods would examine their features, privacy, and security on their own merit.

Benefit to Fedora

Fewer users will disable the firewall, leading to a real-world boost for security.

Fedora will be simpler for users to set up.

Scope

See the research for the various packages touched, and progress on that work.

Once these patches have gone in, we will update the installer comps data so that if the 'Desktop' component is selected on Fedora install, a relevant firewall with MDNS (udp port 5353) open by default will be installed by anaconda.

How To Test

Install a new Fedora system.

Use the following command to verify that Avahi is running:

systemctl status avahi-daemon.service

Use the following to show that the 5353 port is open in the firewall:

system-config-firewall

Use the following command on another system on the network to show that no private information or additional services have been displayed.

avahi-browse --all
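
The last check can be scripted so it does not depend on reading the browse list by eye. This is an added example, not part of the original feature page or of Avahi: it filters the `--parsable --resolve` output of avahi-browse down to the services that resolve to the test machine's hostname. The function names, the `--live` switch, the `ALLOWED_TYPES` variable and the sample records are assumptions made for the illustration.

```shell
#!/bin/sh
# Space-separated service types you accept from the test host (assumption: set per your policy).
ALLOWED_TYPES="${ALLOWED_TYPES:-}"

# published_by HOST: read parsable avahi-browse output on stdin and print
# "type port" for every resolved ("=") record whose hostname field is HOST.
published_by() {
    awk -F';' -v host="$1" '
        $1 == "=" && tolower($7) == tolower(host) { print $5, $9 }
    ' | LC_ALL=C sort -u
}

# unexpected_services HOST: same, minus the types listed in ALLOWED_TYPES.
unexpected_services() {
    published_by "$1" | while read -r stype port; do
        case " $ALLOWED_TYPES " in
            *" $stype "*) ;;
            *) echo "$stype $port" ;;
        esac
    done
}

# Constructed sample records (not captured from a real network).
sample_browse_output() {
cat <<'EOF'
+;eth0;IPv4;fedora-test;_workstation._tcp;local
=;eth0;IPv4;fedora-test;_workstation._tcp;local;fedora-test.local;192.0.2.10;9;
=;eth0;IPv4;Office Printer;_ipp._tcp;local;printer.local;192.0.2.20;631;"rp=ipp/print"
=;eth0;IPv4;fedora-test;_ssh._tcp;local;fedora-test.local;192.0.2.10;22;
EOF
}

if [ "${1:-}" = "--live" ]; then
    # Run from another machine on the network; $2 is the test host, e.g. fedora-test.local
    avahi-browse --all --resolve --parsable --terminate | unexpected_services "$2"
else
    sample_browse_output | unexpected_services "fedora-test.local"
fi
```

An empty result for the freshly installed machine means it published nothing beyond the types you listed in `ALLOWED_TYPES`.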

User Experience

Users will not be encouraged to disable the firewall. Fedora will be less abrasive for new users.

Dependencies

avahi

libvirtd

udisks2

system-config-firewall

anaconda

Contingency Plan

There are various fixes to packages so they do not publish information by default.

If these patches do not make it 'in', then we will not open avahi by default in the firewall.